eclipse / nebula

Nebula Project
https://eclipse.org/nebula
Eclipse Public License 2.0

RichTextWidget: "special" characters lead to crash of widget if setText is used #523

Closed ernstblechaPT closed 11 months ago

ernstblechaPT commented 11 months ago

In the function setText a JavaScript command is built via string concatenation.

If the user-supplied string contains unescaped characters (e.g. ') this leads to the user-supplied string being executed by the browser context. In most cases this leads to a crash of the JavaScript interpreter.

The same problem also applies to insertText and insertHTML.
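
The failure described in this issue, reproduced as an added JavaScript example (not code from the Nebula project or from the merged PR). The `setText` stub, the builder functions and the sample strings are assumptions made for illustration, and `JSON.stringify` is one way to produce a safe string literal, not necessarily the escaping the PR used.

```javascript
// Hypothetical names, not Nebula's API.
// Vulnerable pattern: user text is pasted between single quotes.
const buildSetTextUnsafe = (text) => "setText('" + text + "');";

// Hardened pattern: emit the text as a JavaScript string literal.
// JSON.stringify escapes quotes, backslashes and control characters;
// U+2028/U+2029 and "<" are escaped too (older engines, inline <script>).
function toJsStringLiteral(text) {
  return JSON.stringify(String(text))
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\u003c");
}

const buildSetTextEscaped = (text) => "setText(" + toJsStringLiteral(text) + ");";

// Stand-in for the browser: runs the script against a stub setText and
// records what the widget received and whether extra code ran.
function runInStubBrowser(script) {
  const calls = [];
  let sideEffect = false;
  try {
    new Function("setText", "marker", script)(
      (value) => calls.push(value),
      () => { sideEffect = true; });
    return { ok: true, calls, sideEffect };
  } catch (err) {
    return { ok: false, error: err.name, calls, sideEffect };
  }
}

// Constructed sample inputs.
const SAMPLES = [
  "plain text",
  "it's broken",          // lone quote ends the literal early
  "x'); marker(); ('",    // text that continues as code
  "<b>line1</b>\nline2 \\ \"q\"",
];

function compare() {
  return SAMPLES.map((text) => ({
    text,
    unsafe: runInStubBrowser(buildSetTextUnsafe(text)),
    escaped: runInStubBrowser(buildSetTextEscaped(text)),
  }));
}

console.log(JSON.stringify(compare(), null, 2));
```

With the concatenated form, the second and fourth samples fail to parse and the third runs as code; with the escaped form every sample reaches `setText` unchanged as a single string argument.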

fipro78 commented 11 months ago

Thanks for providing the PR. Looks good to me, so I merged it.